An Australian government contractor which had been paid more than $1,000,000 to deliver e-security alert services to the citizens somehow managed to lose 8,000 subscribers’ personal data in the post.

AusCERT is the company that won the contract to run staysmartonline.gov.au for 4 years, starting April 29 2008. After the contract in question expired AusCERT sent all its subscribers’ private data on a DVD to the Department of Broadband, Communications and the Digital Economy. For some reason, the company decided to send it snail mail and, unsurprisingly, the post office promptly lost the package.

The local media revealed that the “Stay Smart Online Team” has sent an email to the website’s 8,000 subscribers, explaining that the data which had “gone missing” on the DVD contained people’s usernames, email addresses, memorable phrases and passwords. The team was quick to specify that the passwords were “unreadable”, so the subscribers shouldn’t have had any reason to believe that their data had “been found and misused by someone else”.

Nevertheless, Stay Smart Online recommended the subscribers to consider the idea of changing their usernames, memorable phrase and passwords for other sites and online services.

While it is unclear whether the package was sent registered mail or not, many people have to wonder why the information wasn’t just sent electronically. As for the company responsible for the sensitive data, they refused to comment, claiming that media enquiries were being handled by the DBCDE. It seems that while probably being smarter online they turned out to be rubbish when it came to using the post. In response, Australia Post claims that the DVD wasn’t sent registered mail.